Hello,
I’ve got a VyOS lab with 2 LANs:
DMZ (WEB SRV 172.20.0.100 PORT 80)
LAN 172.16.0.0/24
WAN 192.168.1.13
ZONE POLICY CONFIGURATION

Name: DMZ
Interfaces: eth1
From Zone:
  name    firewall
  LAN     LAN-LAN-DROP
  WAN     FROM-INT

Name: LAN
Interfaces: eth2
From Zone:
  name    firewall
  DMZ     LAN-LAN-DROP
  WAN     FROM-INT

Name: WAN
Interfaces: eth0
From Zone:
  name    firewall
  DMZ     LAN-LAN-OK
  LAN     LAN-LAN-OK

FIREWALL CONFIG:

firewall {
    all-ping enable
    broadcast-ping disable
    config-trap disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name FROM-INT {
        default-action drop
        rule 1 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 2 {
            action drop
            state {
                invalid enable
            }
        }
        rule 100 {
            action accept
            destination {
                address 172.20.0.100
                port 80
            }
            log enable
            protocol tcp
        }
    }
    name LAN-LAN-DROP {
        default-action drop
    }
    name LAN-LAN-OK {
        default-action accept
    }
}

NAT DESTINATION CONFIGURATION

nat {
    destination {
        rule 1 {
            destination {
                address 172.20.0.100
                port 80
            }
            inbound-interface eth0
            protocol tcp
            translation {
                address 192.168.1.13
                port 80
            }
        }
    }
}

For me it’s impossible to get the web page from 192.168.1.0/24, but I can connect to SSH on VyOS.
Who can help me?
Thanks